On Wed, 2017-05-24 at 17:02 +0100, Edson via samba
wrote:> thewolf at xxxthewolf:~/samba$ gpg --import samba-pubkey.asc
> gpg: key 6F33915B6568B7EA: "Samba Distribution Verification Key
> <samba-bugs at samba.org>" not changed
> gpg: Total number processed: 1
> gpg: unchanged: 1
>
> thewolf at xxxthewolf:~/samba$ gpg --verify samba-4.6.4.tar.asc
> gpg: assuming signed data in 'samba-4.6.4.tar'
> gpg: Signature made ter 23 mai 2017 04:21:57 -04
> gpg: using DSA key 6F33915B6568B7EA
> gpg: Good signature from "Samba Distribution Verification Key
> <samba-bugs at samba.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
owner.
> Primary key fingerprint: 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA
Correct, but if you downloaded the signature from our https:// website,
then you could reasonably choose to trust it. This just means that GPG
can't figure out a trust value from the web of trust, which does not
rely on transport security.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba